<%@ page contentType="text/html; charset=UTF-8" %> <%-- - - Copyright (C) 2004-2008 Jive Software, 2017-2025 Ignite Realtime Foundation. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. --%> <%@ page import="org.jivesoftware.util.*, org.jivesoftware.openfire.user.*, java.net.URLEncoder" errorPage="error.jsp" %><%@ page import="org.xmpp.packet.JID"%> <%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %> <%@ page import="java.nio.charset.StandardCharsets" %> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> <%@ taglib prefix="admin" uri="admin" %> <% admin.init(request, response, session, application, out ); %> <% // Get parameters // boolean cancel = request.getParameter("cancel") != null; boolean update = request.getParameter("update") != null; String username = ParamUtils.getParameter(request,"username"); String password = ParamUtils.getParameter(request,"password"); String passwordConfirm = ParamUtils.getParameter(request,"passwordConfirm"); Cookie csrfCookie = CookieUtils.getCookie(request, "csrf"); String csrfParam = ParamUtils.getParameter(request, "csrf"); if (update) { if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) { update = false; } } csrfParam = StringUtils.randomString(15); CookieUtils.setCookie(request, response, "csrf", csrfParam, -1); pageContext.setAttribute("csrf", csrfParam); // Handle a cancel if (cancel) { response.sendRedirect("user-properties.jsp?username=" + URLEncoder.encode(username, StandardCharsets.UTF_8)); return; } // Load the user object User user = admin.getUserManager().getUser(username); // Handle a password update: boolean errors = false; boolean unsupported = false; if (update) { // Validate the passwords: if (password != null && password.equals(passwordConfirm)) { try { user.setPassword(password); if (!SecurityAuditManager.getSecurityAuditProvider().blockUserEvents()) { // Log the event admin.logEvent("set password for user "+username, null); } // Done, so redirect response.sendRedirect("user-password.jsp?success=true&username=" + URLEncoder.encode(username, StandardCharsets.UTF_8)); return; } catch (UnsupportedOperationException uoe) { unsupported = true; } } else { errors = true; } } %> <fmt:message key="user.password.title"/> <% if (UserManager.getUserProvider().isReadOnly()) { %>
<% } %> <% if (errors) { %> <% } else if (unsupported) { %> <% } else if (request.getParameter("success") != null) { %> <% } %>

: <%= StringUtils.escapeHTMLTags(JID.unescapeNode(user.getUsername())) %>


" name="update"> " name="cancel">
<% // Disable the form if a read-only user provider. if (UserManager.getUserProvider().isReadOnly()) { %> <% } %>